* Version $Id$
*/
/*
- Copyright (C) 2000-2004 Kern Sibbald
+ Copyright (C) 2000-2005 Kern Sibbald
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ version 2 as ammended with additional clauses defined in the
+ file LICENSE in the main source directory.
- This library is distributed in the hope that it will be useful,
+ This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- MA 02111-1307, USA.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
*/
{
int32_t nleft, nread;
+#ifdef HAVE_TLS
+ if (bsock->tls) {
+ /* TLS enabled */
+ return (tls_bsock_readn(bsock, ptr, nbytes));
+ }
+#endif /* HAVE_TLS */
+
nleft = nbytes;
while (nleft > 0) {
do {
}
return nbytes;
}
+
+#ifdef HAVE_TLS
+ if (bsock->tls) {
+ /* TLS enabled */
+ return (tls_bsock_writen(bsock, ptr, nbytes));
+ }
+#endif /* HAVE_TLS */
+
nleft = nbytes;
while (nleft > 0) {
do {
if (rc < 0) {
if (!bsock->suppress_error_msgs && !bsock->timed_out) {
Qmsg4(bsock->jcr, M_ERROR, 0,
- _("Write error sending to %s:%s:%d: ERR=%s\n"), bsock->who,
+ _("Write error sending len to %s:%s:%d: ERR=%s\n"), bsock->who,
bsock->host, bsock->port, bnet_strerror(bsock));
}
} else {
}
if (rc < 0) {
if (!bsock->suppress_error_msgs) {
- Qmsg4(bsock->jcr, M_ERROR, 0,
- _("Write error sending to %s:%s:%d: ERR=%s\n"), bsock->who,
+ Qmsg5(bsock->jcr, M_ERROR, 0,
+ _("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
+ bsock->msglen, bsock->who,
bsock->host, bsock->port, bnet_strerror(bsock));
}
} else {
}
/*
- * Establish an SSL connection -- server side
- * Codes that ssl_need and ssl_has can take
- * BNET_SSL_NONE I cannot do ssl
- * BNET_SSL_OK I can do ssl, but it is not required on my end
- * BNET_SSL_REQUIRED ssl is required on my end
+ * Establish a TLS connection -- server side
+ * Returns: 1 on success
+ * 0 failure
*/
-int bnet_ssl_server(BSOCK * bsock, char *password, int ssl_need, int ssl_has)
+#ifdef HAVE_TLS
+int bnet_tls_server(TLS_CONTEXT *ctx, BSOCK * bsock, alist *verify_list)
{
- /* Check to see if what we need (ssl_need) corresponds to what he has (ssl_has) */
- /* The other side expects a response from us */
+ TLS_CONNECTION *tls;
+
+ tls = new_tls_connection(ctx, bsock->fd);
+ if (!tls) {
+ Qmsg0(bsock->jcr, M_FATAL, 0, _("TLS connection initialization failed.\n"));
+ return 0;
+ }
+
+ bsock->tls = tls;
+
+ /* Initiate TLS Negotiation */
+ if (!tls_bsock_accept(bsock)) {
+ Qmsg0(bsock->jcr, M_FATAL, 0, _("TLS Negotiation failed.\n"));
+ goto err;
+ }
+
+ if (verify_list) {
+ if (!tls_postconnect_verify_cn(tls, verify_list)) {
+ Qmsg1(bsock->jcr, M_FATAL, 0, _("TLS certificate verification failed."
+ " Peer certificate did not match a required commonName\n"),
+ bsock->host);
+ goto err;
+ }
+ }
+
return 1;
+
+err:
+ free_tls_connection(tls);
+ bsock->tls = NULL;
+ return 0;
}
/*
- * Establish an SSL connection -- client side
+ * Establish a TLS connection -- client side
+ * Returns: 1 on success
+ * 0 failure
*/
-int bnet_ssl_client(BSOCK * bsock, char *password, int ssl_need)
+int bnet_tls_client(TLS_CONTEXT *ctx, BSOCK * bsock)
{
- /* We are the client so we must wait for the server to notify us */
+ TLS_CONNECTION *tls;
+
+ tls = new_tls_connection(ctx, bsock->fd);
+ if (!tls) {
+ Qmsg0(bsock->jcr, M_FATAL, 0, _("TLS connection initialization failed.\n"));
+ return 0;
+ }
+
+ bsock->tls = tls;
+
+ /* Initiate TLS Negotiation */
+ if (!tls_bsock_connect(bsock)) {
+ goto err;
+ }
+
+ if (!tls_postconnect_verify_host(tls, bsock->host)) {
+ Qmsg1(bsock->jcr, M_FATAL, 0, _("TLS host certificate verification failed. Host %s did not match presented certificate\n"), bsock->host);
+ goto err;
+ }
+
return 1;
-}
+err:
+ free_tls_connection(tls);
+ bsock->tls = NULL;
+ return 0;
+}
+#endif /* HAVE_TLS */
/*
* Wait for a specified time for data to appear on
FD_SET((unsigned)bsock->fd, &fdset);
tv.tv_sec = sec;
tv.tv_usec = 0;
- for (;;) {
- switch (select(bsock->fd + 1, &fdset, NULL, NULL, &tv)) {
- case 0: /* timeout */
- bsock->b_errno = 0;
- return 0;
- case -1:
- bsock->b_errno = errno;
- return -1; /* error return */
- default:
- bsock->b_errno = 0;
- return 1;
- }
+ switch (select(bsock->fd + 1, &fdset, NULL, NULL, &tv)) {
+ case 0: /* timeout */
+ bsock->b_errno = 0;
+ return 0;
+ case -1:
+ bsock->b_errno = errno;
+ return -1; /* error return */
+ default:
+ bsock->b_errno = 0;
}
+ return 1;
}
#ifndef NETDB_INTERNAL
static const char *gethost_strerror()
{
const char *msg;
+ berrno be;
switch (h_errno) {
case NETDB_INTERNAL:
- msg = strerror(errno);
+ msg = be.strerror();
break;
case NETDB_SUCCESS:
msg = "No problem.";
return true;
}
+/*
+ * Set socket non-blocking
+ * Returns previous socket flag
+ */
+int bnet_set_nonblocking (BSOCK *bsock) {
+#ifndef WIN32
+ int oflags;
+
+ /* Get current flags */
+ if((oflags = fcntl(bsock->fd, F_GETFL, 0)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_GETFL error. ERR=%s\n", be.strerror());
+ }
+
+ /* Set O_NONBLOCK flag */
+ if((fcntl(bsock->fd, F_SETFL, oflags|O_NONBLOCK)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_SETFL error. ERR=%s\n", be.strerror());
+ }
+
+ bsock->blocking = 0;
+ return oflags;
+#else
+ int flags;
+ u_long ioctlArg = 1;
+
+ flags = bsock->blocking;
+ ioctlsocket(bsock->fd, FIONBIO, &ioctlArg);
+ bsock->blocking = 0;
+
+ return (flags);
+#endif
+}
+
+/*
+ * Set socket blocking
+ * Returns previous socket flags
+ */
+int bnet_set_blocking (BSOCK *bsock) {
+#ifndef WIN32
+ int oflags;
+ /* Get current flags */
+ if((oflags = fcntl(bsock->fd, F_GETFL, 0)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_GETFL error. ERR=%s\n", be.strerror());
+ }
+
+ /* Set O_NONBLOCK flag */
+ if((fcntl(bsock->fd, F_SETFL, oflags & ~O_NONBLOCK)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_SETFL error. ERR=%s\n", be.strerror());
+ }
+
+ bsock->blocking = 1;
+ return (oflags);
+#else
+ int flags;
+ u_long ioctlArg = 0;
+
+ flags = bsock->blocking;
+ ioctlsocket(bsock->fd, FIONBIO, &ioctlArg);
+ bsock->blocking = 1;
+
+ return (flags);
+#endif
+}
+
+/*
+ * Restores socket flags
+ */
+void bnet_restore_blocking (BSOCK *bsock, int flags) {
+#ifndef WIN32
+ if((fcntl(bsock->fd, F_SETFL, flags)) < 0) {
+ berrno be;
+ Emsg1(M_ABORT, 0, "fcntl F_SETFL error. ERR=%s\n", be.strerror());
+ }
+
+ bsock->blocking = (flags & O_NONBLOCK);
+#else
+ u_long ioctlArg = flags;
+
+ ioctlsocket(bsock->fd, FIONBIO, &ioctlArg);
+ bsock->blocking = 1;
+#endif
+}
+
+
/*
* Send a network "signal" to the other end
* This consists of sending a negative packet length
bool bnet_sig(BSOCK * bs, int sig)
{
bs->msglen = sig;
+ if (sig == BNET_TERMINATE) {
+ bs->suppress_error_msgs = true;
+ }
return bnet_send(bs);
}
case BNET_PROMPT:
return "BNET_PROMPT";
default:
- sprintf(buf, "Unknown sig %d", bs->msglen);
+ sprintf(buf, "Unknown sig %d", (int)bs->msglen);
return buf;
}
}
BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
memset(bsock, 0, sizeof(BSOCK));
bsock->fd = sockfd;
+ bsock->tls = NULL;
bsock->errors = 0;
+ bsock->blocking = 1;
bsock->msg = get_pool_memory(PM_MESSAGE);
bsock->errmsg = get_pool_memory(PM_MESSAGE);
bsock->who = bstrdup(who);
for (; bsock != NULL; bsock = next) {
next = bsock->next;
if (!bsock->duped) {
+#ifdef HAVE_TLS
+ /* Shutdown tls cleanly. */
+ if (bsock->tls) {
+ tls_bsock_shutdown(bsock);
+ free_tls_connection(bsock->tls);
+ bsock->tls = NULL;
+ }
+#endif /* HAVE_TLS */
if (bsock->timed_out) {
shutdown(bsock->fd, 2); /* discard any pending I/O */
}
projects / bacula / bacula / blobdiff